Business and IT Agree: Govern by Committee

Regulatory pressure, a turbulent economy, changing customer trends - at a time of dramatic changes in the insurance industry, IT governance has never been more important. Some experts say that as a result of tightening budgets and increasing regulation, more insurers are adopting IT governance practices, often times headed up by an IT governance steering committee.

These committees can look to established frameworks and models to help them evaluate numerous IT project decisions. But which ones most effectively promote IT governance best practices? Find out what some insurers are selecting, and how they're helping the business deliver value to the organization.

For insurers, there's never been a better time to firm up IT governance efforts. The turbulent economy demands that IT expenditures deliver as much business value as possible. Regulatory pressure is increasing. The fast pace of change reshaping the industry demands greater agility from IT operations to better understand customer trends, as well as support new product launches.

"With budgets getting tighter, and regulation expecting to increase, we're seeing more companies adopting IT governance practices that hadn't before," says Jeff Goldberg, senior analyst with Celent. "You will see fewer companies that don't have at least some kind of process for making decisions before starting IT projects and doing IT expenditures, which is a good thing."

This is a message that's being driven home across many industries - the IT Governance Institute (ITGI) finds support for the general principles of IT governance running high in its latest survey of 250 executives. Seventy percent of respondents consider IT governance an integrated part of their enterprise governance; while another 27% see IT governance as separate and distinct from their enterprise governance activities.

Effective IT governance doesn't just guide IT decision making, it also helps position IT as a critical partner in both the operational and strategic management of companies. In the ITGI survey, for example, more than half of the respondents said their CIOs are on the company's executive team, and, notably, have a strong voice on the team.

Leading insurance companies report that strong governance roles exist for their IT executives. At New York-based AXA Equitable Life Insurance Co., the CIO and CFO serve as executive management co-chairs of the insurer's IT governance committee that drives IT-related decisions, says Kevin Murray, CIO of AXA Equitable.

At The Hartford, Hartford, Conn., an IT steering committee comprised of the company's top business executives drives IT project decisions. "We have an enormously strong level of senior leadership engagement in the development of business strategy," says Mark Hayes, manager of P&C Technology Investment Management at The Hartford. At New York-based Delos Insurance, IT decisions are also led by the business side - the firm's COO in particular - relates Eugene Vatnik, CTO for Delos.

Insurers with strong governance structures also have systematic approaches to approving IT expenditures.

For example, The Hartford's P&C business considers IT investments in the context of three major criteria: whether they meet financial, operational and technical thresholds, Hayes says. At AXA Equitable, all IT projects are weighed and ranked based on three primary metrics, Murray explains. "Return on investment, net present value, and something we use called BVI, or Benefit Value Index, which is a ratio of net present value and cost."

FOLLOWING THE MODEL

Adoption of models or frameworks to guide IT governance efforts is mixed. The ITGI survey finds that about 43% of executives were familiar with the most common frameworks, and about a third were working with international frameworks such as International Organization for Standardization (ISO) standards, IT Infrastructure Library (ITIL) or Control Objectives for Information and related Technology (COBIT). An equal number reported having their own corporate or internal framework.

At Delos Insurance, which built many of its systems and processes from scratch since its founding in August 2006, COBIT has been the best approach, Vatnik reports.

"We chose COBIT because it was developed for IT process management, with a strong focus on control. Also, the ITIL model does not support development of any new applications."

However, he cautions, "frameworks such as COBIT are not a magic bullet." Organizations need to be highly adaptable to change to move forward.

The Hartford is following a number of frameworks to promote IT governance best practices, Hayes reports.

"We have not used one model," he explains. "What we've found is that there are a number of effective models, and aspects of those models can be applied very effectively in our particular context, and consistent with our strategy. We have the best of a number of models all working together in conjunction to help us deliver on the value that our business needs to execute on the strategy."

AXA Equitable also has adopted parts of COBIT, but mainly subscribes to the Capability Maturity Model Integration (CMMI) process, which is a set of integrated models covering software development and improvement processes.

"We're a CMMI Level 3 shop, and rely on CMMI for controls and processes," Murray says.

Executives with high-level IT governance processes in place report that there has been little, if any, impact from current economic conditions, as their IT budgets are synched to business requirements.

"We had a strategic IT plan already in place and the capital we needed to implement a new annuity and life administration system, which we think will provide a competitive advantage and put us in an even better position than before the economic downturn," Murray says.

For many companies, greater scrutiny of IT spending is creating greater discussion and in-depth examination of their value to organizations, Goldberg says. "I think a lot of times people look at IT governance as a hassle," he says. "But there's a reason why an organization wants to make sure everybody is reviewed and is on the same page for a project, and it is to make sure that the projects are the right ones. Once this is done, it means that you're going to get the resources, you're going to get the business user input that you need, and there will be a more positive outcome."

Joe McKendrick is an author and consultant specializing in information technology, based in Doylestown, Pa., and a regular blogger for www.insurancenetworking.com.

For more about IT governance, search "Governance. Literally." at www.insurancenetworking.com.